Installing software by piping from curl to bash is obviously a bad idea and a knowledgable user will most likely check the content first. So wouldn't it be great if a malicious payload would only render when piped to bash? A few people have tried this before by checking for the curl user agent which is by no means fail safe - the user may simply curl the url on the commandline revealing your malic
![Detecting the use of "curl | bash" server side | Application Security](https://cdn-ak-scissors.b.st-hatena.com/image/square/aaaa913911a0389cb08456b16ab7cc8666181d5b/height=288;version=1;width=512/https%3A%2F%2Fwww.idontplaydarts.com%2Fimages%2Fbashmov.gif)